SUMware
Premium
join:2002-05-21


1 edit
100,000 Websites Destroyed by Hackers - 0 Day Vulnerability

100,000 websites destroyed by hackers - zero-day vulnerability

From The Register
8th June 2009 -
quote:
Webhost hack wipes out data for 100,000 sites
Vaserv suspects zero-day virtualization vuln


A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.

Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.

"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing."

Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability. The Register has also received no response to inquiries sent to the company, which according to its website is located in Bangalore.

According to Foster, data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening, shortly after administrators noticed "strangeness" on the system. The attackers had the ability to execute sensitive Unix commands on the system, including "rm -rf," which forces a recursive delete of all files.

Some 50 percent of Vaserv's customers signed up for unmanaged service, which doesn't include data backup, Foster said. It remains unclear if those website owners will ever be able to retrieve their lost data, he said. As a result, at least half the websites that were hosted on the site remain offline.

"Since last night, I've had probably 40 phone calls from clients saying 'Why is my website down,'" said Daniel Voyce, a web developer for Nu Order Webs who uses Vaserv to host customer sites. "It's making me look bad."

Voyce said the hackers, given the high level of server access they gained, were likely able to intercept a wealth of sensitive data stored on Vaserv's servers. Voyce said his customers are safe because all sensitive information was encrypted.

Little is known about the people who attacked the site. So far, there are no known reports of individuals taking credit for the hack. The breach was likely the result of a SQL injection attack that penetrated Vaserv's central management software and removed vital binaries and data for about half of all user data stored by the service, Foster said.

"This wasn't someone randomly scanning things," he said. "It was a deliberate attack on our infrastructure."

Vaserv specializes in low-cost web hosting using VPS, or virtualized private servers. Virtualization features in LXLabs' HyperVM helped Vaserv provide the service, which costs a fraction of the price of dedicated server hosting.

It remains unclear how other webhosts using the HyperVM have been affected.
VAServ status here.


dc006

@edu-praha11.cz

Yes, this is going out of control. I am one of the affected customers of Vaserv.
I was on a managed hosting package they call dedicated VPS (one VPS account on a box).

After 38 hours of being offline, I still don't know what my server status is. I cannot FTP to my server, I can't do anything.

I am losing my customers one by one; this could result in bankruptcy for my small business.

I've also paid for external backup (also provided by vaserv.com) and this is also not accessible.

Nobody is giving me any information on my VPS status; there is just a general status page at: www.vaserv.com/

The last update from the billing department says that BlueSquare Data Group (www.bluesquaredatagroup.com) will be taking over the operations of Vaserv in the future.

This seems to me that they sold us (customers) to somebody else rather than take full responsibility for what happened.


CJ

join:2000-07-18
USA

reply to SUMware
I would venture to say that both companies, Vaserv & LXLabs, will no longer be in business.

Vaserv will go out because nobody will trust them anymore, although this seems to be out of their control. LXLabs will disappear so nobody can recoup any money from them.

I'm not sure how the law works in situations like this since the company that appears to be at fault here is in India.

Thomas M

join:2005-06-06
Germany

 reply to SUMware
Re: 100,000 Websites Destr., Owner of LX Labs committed suicide

It seems that the impact of the attack is even stronger, because the owner of LX Labs just committed suicide:

•»timesofindia.indiatimes.com/Bang···3101.cms

Thomas


Sir Meowmix III

@windstream.net

reply to SUMware
Re: 100,000 Websites Destroyed by Hackers - 0 Day Vulnerability

quote:
... his shoulder tattoo read `God is a F***** Idiot'
quote:
On his social networking site page, he wrote that his ambition was to kill God and he was an anti-Christ.
quote:
On Sunday night, Ligesh and Sheenu talked and drank till well past midnight and an agitated Ligesh talked about the death of his mother and sister.
Sounds like someone that wasn't too stable to begin with.


JohnQPublic
Premium
join:2002-03-22
Xanadu

reply to Thomas M
Re: 100,000 Websites Destr., Owner of LX Labs committed suicide

said by Thomas M:

It seems that the impact of the attack is even stronger, because the owner of LX Labs just committed suicide:

•»timesofindia.indiatimes.com/Bang···3101.cms

Thomas
Wow! The LX Labs support forum is quite the read. I've never heard of that control panel, but this mess is certainly going to be a headache for many administrators.
--
I believe in God, only I spell it Nature. -Frank Lloyd Wright